CVE-2023-38000
Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
We have discovered 494,516 live websites that are affected by CVE-2023-38000.
Affected Software
| Product |  WordPress |
| Category | Content Management System |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 780 |
| Vulnerable Domains | 494,516 live websites (4.34% of WordPress install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-38000 and the relative popularity of websitesDetails
- Published - Oct 13, 2023
- Updated - Oct 13, 2023
Credits
- Rafie Muhammad (Patchstack) (finder)
- Edouard Lamoine (Patchstack) (finder)
CWE
CVE References
CWE References
Countries
 United States | 122,286 websites |
 Germany | 52,655 websites |
 GB | 27,608 websites |
 France | 22,433 websites |
 Netherlands | 21,040 websites |
 Italy | 19,999 websites |
 Poland | 18,669 websites |
 Japan | 15,621 websites |
 Spain | 15,284 websites |
 Russia | 12,812 websites |
TLDs
| .com | 192,777 websites |
| .de | 35,495 websites |
| .org | 22,380 websites |
| .nl | 17,466 websites |
| .co.uk | 15,788 websites |
| .net | 13,982 websites |
| .pl | 13,685 websites |
| .it | 13,536 websites |
| .ru | 10,535 websites |
| .com.br | 9,561 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-38000 through included software libraries and plugins.References
- https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve
- https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve
Websites affected by CVE-2023-38000
Top websites that are affected by CVE-2023-38000. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org | United States | *** | |
| ***.******.com | United States | *** | |
| ***.*********.com | United States | *** | |
| **********.ca |  Canada | *,*** | |
| ****.*******.org | United States | *,*** | |
| **********.org | United States | *,*** | |
| ***.*********.com | United States | *,*** | |
| ********.com |  Singapore | *,*** | |
| ***.************.com | United States | *,*** | |
| ***.******.de | Germany | *,*** |